alve89
just joined
Topic Author
Posts: 11
Joined: Sun May 01, 2022 4:02 am

Multiple subnets for L2TP/IPSec VPN

Wed May 17, 2023 2:12 pm

Hi all together,

I'm having a problem and can't get it solved:

I have 2 subnets (192.168.10.0/24 and .20/24). I want to get addresses via DHCP in different subnets for different users (e.g. user10 and user20).
Since I can only set one default profile in PPP/L2TP server and the subnet-assigning is only happening in the chosen profile, I can't find any option to solve my problem as desired. Could you please help me here and tell me if what I want is possible (and if yes, how)?

Thanks a lot in advance!
 
tdw
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Multiple subnets for L2TP/IPSec VPN

Wed May 17, 2023 6:50 pm

From the documentation "PPP profiles are used to define default values for user access records stored under /ppp secret submenu. Settings in /ppp secret User Database override corresponding /ppp profile settings except that single IP addresses always take precedence over IP pools when specified as local-address or remote-address parameters." so you can specify a different remote address IP or IP pool for specific users.

L2TP has no concept of subnets, it is a point-to-point connection with a single /32 address at each end determined by the local-address and remote-address settings. These are assigned during the PPP link setup with IPCP, not DHCP.

If the remote address overlaps with a subnet assigned to an ethernet network it is not part of that subnet, so requires the use of proxy ARP if devices on the ethernet network need to communicate with the remote client.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Multiple subnets for L2TP/IPSec VPN

Fri May 19, 2023 5:49 pm

As @tdw wrote, you can have only a single /32 IP address per L2TP client account on an L3 (IP) tunnel. To assign an address to an L2TP client, DHCP is not used at all.

So if you actually mean that individual L2TP users should get addresses from distinct address pools, you can specify a pool name as the remote-address parameter of a /ppp secret row and/or you can link a /ppp secret row to a /ppp profile row and specify a pool for client addresses on the latter one.
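
The per-user pool assignment described in the two replies above, written out as a RouterOS configuration. This is an added example, not part of any poster's reply; the pool ranges, router-side addresses, the interface name `bridge-lan10`, the account `user20-fixed` and all passwords are assumptions or placeholders.

```routeros
# Added example. Ranges, local addresses, interface name and secrets are constructed.

# One pool per subnet the VPN users should land in.
/ip pool
add name=vpn-pool10 ranges=192.168.10.200-192.168.10.220
add name=vpn-pool20 ranges=192.168.20.200-192.168.20.220

# One profile per group: remote-address names the pool that IPCP hands
# addresses out of, local-address is the router's end of the /32 link.
/ppp profile
add name=l2tp-net10 local-address=192.168.10.1 remote-address=vpn-pool10
add name=l2tp-net20 local-address=192.168.20.1 remote-address=vpn-pool20

# Each secret is linked to the profile of its group, so user10 and user20
# end up in different address ranges on the same L2TP server.
/ppp secret
add name=user10 service=l2tp profile=l2tp-net10 password="CHANGE-ME-10"
add name=user20 service=l2tp profile=l2tp-net20 password="CHANGE-ME-20"
# A single IP on the secret takes precedence over the profile's pool.
add name=user20-fixed service=l2tp profile=l2tp-net20 \
    remote-address=192.168.20.250 password="CHANGE-ME-FIXED"

# Accept L2TP only when it arrives inside IPsec.
/interface l2tp-server server
set enabled=yes use-ipsec=required ipsec-secret="CHANGE-ME-PSK"

# The VPN addresses overlap the LAN's /24 but are not on that segment,
# so the LAN-facing interface answers ARP on the clients' behalf.
/interface bridge
set [find name=bridge-lan10] arp=proxy-arp
```

Keep the VPN pool ranges out of the range the LAN DHCP server hands out, so a LAN host and a VPN client never receive the same address.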
 
alve89
just joined
Topic Author
Posts: 11
Joined: Sun May 01, 2022 4:02 am

Re: Multiple subnets for L2TP/IPSec VPN

Sat May 20, 2023 9:23 am

Thank you both for the detailed explanation and the easily understandable instructions!

I'll try that and hopefully get it done.
